本文介绍了正确配置devise_ldap_authenticatable的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的Rails应用程序(使用Devise + Devise LDAP Authenticatable)和尝试与之通信的Active Directory服务器存在一些连接问题.

I'm having some connectivity issues with my Rails app (using Devise + Devise LDAP Authenticatable) and the Active Directory server I'm attempting to communicate with.

我已经能够使用以下命令成功执行绑定并使用ldapsearch搜索:

I've been able to successfully perform a bind and search with ldapsearch using the following command:

ldapsearch -H ldap://ad.example.com:389 -b "ou=dept,ou=Users,ou=company,dc=example,dc=com" -D "[email protected]" -W "&(objectClass=organizationalPerson)(objectClass=Person))" mail

ldapsearch -H ldap://ad.example.com:389 -b "ou=dept,ou=Users,ou=company,dc=example,dc=com" -D "[email protected]" -W "&(objectClass=organizationalPerson)(objectClass=Person))" mail

既然可行,我假设我的devise_ldap_authenticatable配置出现问题,如下所示:

Since that works, I'm assuming I have an issue with my devise_ldap_authenticatable configuration, which looks like:

development: 
  host: ad.example.com
  port: 389
  attribute: mail
  base: ou=dept,ou=Users,ou=company,dc=example,dc=com
  objectClass: organizationalPerson
  objectClass: Person
  ssl: false

使用Wireshark,我能够从成功的绑定/搜索(CLI)和失败的绑定/搜索(Rails)捕获流量.成功绑定成功将电子邮件地址作为bindRequest(LDAPMessage bindRequest(1) "[email protected]" simple)的一部分正确发送,但是来自Rails应用程序的bindRequest看起来像LDAPMessage bindRequest(1) "<ROOT>" simple

Using Wireshark I was able to capture traffic from both the successful bind/search (CLI) and the failed bind/search (Rails). The successful bind correctly sends the email address as part of the bindRequest (LDAPMessage bindRequest(1) "[email protected]" simple) but the bindRequest from the Rails app looks like LDAPMessage bindRequest(1) "<ROOT>" simple

有人能发现我的配置存在明显问题吗?谁能将我的ldapsearch命令转换为正确的YAML配置?

Is anyone able to spot an obvious issue with my config? Can anyone translate my ldapsearch command into a proper YAML config?

推荐答案

我以前曾使用过Devise.rb配置选项,但是一定做错了.

I had played around with this Devise.rb config option previously, but must have done something incorrect.

Devise.rb中添加以下内容似乎已经解决了我的绑定问题:

Adding the following to Devise.rb seems to have resolved my bind issue:

config.ldap_auth_username_builder = Proc.new() { |attribute, login, ldap| login }

这篇关于正确配置devise_ldap_authenticatable的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-27 23:46